W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2021

Re: Port 80 deprecation

From: Adrien de Croy <adrien@qbik.com>
Date: Mon, 07 Jun 2021 03:38:15 +0000
To: "Paul Vixie" <paul@redbarn.org>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <em77cdcccc-e469-4888-91c2-a84330e7dbd3@bombadil>

I'm waiting for someone to propose https for accessLocation for OCSP

Then we will have a nice little Gordian knot.

CRL checks also have to use http.


------ Original Message ------
From: "Paul Vixie" <paul@redbarn.org>
To: "Ilari Liusvaara" <ilariliusvaara@welho.com>
Cc: "Toerless Eckert" <tte@cs.fau.de>; "ietf-http-wg@w3.org" 
<ietf-http-wg@w3.org>
Sent: 6/06/2021 6:07:30 am
Subject: Re: Port 80 deprecation

>just be aware that i can't get a "localhost" certificate from an X.509 CA, and
>that the overhead of running an in-house CA just to accomplish this unneccessary
>purpose so that i can encrypt and decrypt data between processes who share a CPU,
>is unthinkable. (the plaintext will be visible inside the process endpoints, so
>there are literally not "on-path advesaries" to protect against.)
>
>for web-style API's inside a system image or hypervisor, TLS will mostly not be
>used. where it is used, global/universal domain names and IP addresses will have
>to be used (to get the X.509 CA system to work), or a private CA will be used.
>this would be all cost no benefit, so, infinitely bad cost:benefit ratio. "nope."
>
>HTTP over TCP/80 is forever. but we can say something else if politically nec'y,
>but that outcome will not change. i've already had to avoid a GoLang SMTP module
>which had no non-SMTPS outbound capability and so could not talk to my private
>PostFix server. the TLS-uber-alles mantra is going to lead to some real trouble.
>
>--
>Paul Vixie
>
Received on Monday, 7 June 2021 03:38:41 UTC

This archive was generated by hypermail 2.4.0 : Monday, 7 June 2021 03:39:01 UTC